Refs CVE-2026-1312 -- Raised ValueError when FilteredRelation aliases contain periods.

This prevents failures at the database layer, given that aliases in the ON clause are not quoted. Systematically quoting aliases even in FilteredRelation is tracked in https://code.djangoproject.com/ticket/36795.
author: Jacob Walls <jacobtylerwalls@gmail.com> 2026-01-21 18:00:13 -0500
committer: Jacob Walls <jacobtylerwalls@gmail.com> 2026-02-03 07:56:04 -0500
commit: 005d60d97c4dfb117503bdb6f2facfcaf9315d84 (patch)
tree: 0731ff63a878625da04fa96e90da8ee32ed43f89 /tests/filtered_relation
parent: 69065ca869b0970dff8fdd8fafb390bf8b3bf222 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/filtered_relation/tests.py b/tests/filtered_relation/tests.py
index cdcd5c19af..e263307193 100644
--- a/tests/filtered_relation/tests.py
+++ b/tests/filtered_relation/tests.py
@@ -216,6 +216,19 @@ class FilteredRelationTests(TestCase):
             str(queryset.query),
         )
 
+    def test_period_forbidden(self):
+        msg = (
+            "FilteredRelation doesn't support aliases with periods (got 'book.alice')."
+        )
+        with self.assertRaisesMessage(ValueError, msg):
+            Author.objects.annotate(
+                **{
+                    "book.alice": FilteredRelation(
+                        "book", condition=Q(book__title__iexact="poem by alice")
+                    )
+                }
+            )
+
     def test_multiple(self):
         qs = (
             Author.objects.annotate(
author	Jacob Walls <jacobtylerwalls@gmail.com>	2026-01-21 18:00:13 -0500
committer	Jacob Walls <jacobtylerwalls@gmail.com>	2026-02-03 07:56:04 -0500
commit	005d60d97c4dfb117503bdb6f2facfcaf9315d84 (patch)
tree	0731ff63a878625da04fa96e90da8ee32ed43f89 /tests/filtered_relation
parent	69065ca869b0970dff8fdd8fafb390bf8b3bf222 (diff)